Not If, but When: The case for Advanced Malware Protection Everywhere

A recent Bloor Research Market Update on Advanced Threat Protection reminds us of something that many security vendors have long been loath to acknowledge: traditional, point-in-time technologies, like anti-virus or sandboxes, are not entirely effective when defending against complex, sophisticated attacks.

This is due to something we have said before and we will say again: malware is “the weapon of choice” for malicious actors. We know blended threats introduce malware. Our 2014 Annual Security Report notes that every Fortune 500 company that was spoken to for the report had traffic going to websites that host malware. Bloor tells us all, once again, that attack methods are becoming more complex.

To put it plainly, when it comes to networks being breached, it is not a case of if, but when.

Given this threat landscape, the topic has been a focus for vendors, meaning analysts—most recently Bloor Research—have analyzed these vendors by the robustness of capabilities and levels of innovation, resulting in vendor landscapes like the one below from Bloor Research. We are pleased that Cisco (Sourcefire) is the clear leader here:

Bloor Research Vendor Landscape: The highest scoring companies are nearest the center. Exact positions in each segment are calculated based on combined innovation and overall score.

In addition to mapping how vendor technology stacks up, they share a few reminders of vital importance:

“Many traditional controls are no longer up to the task of defending against complex, sophisticated attacks, which are using custom-developed malware in many cases.”

“No matter how good the front-end controls are, some exploits will always get through. It is not a case of if, but when, an organization’s network will be breached.”

“The ability to uncover threats lurking on networks is therefore a key consideration in protecting networks, and the valuable information that they contain, against advanced targeted attacks so that actions can be taken to remediate and recover from incidents as quickly as possible before serious damage can be done.”

Bloor also includes a Market Map, looking at different market segments that range from specialized vendors up to the most robust segment of companies providing “fully automated advanced threat protection and response capabilities.” AMP placed as a leader as “a one-stop shop for advanced threat protection and remediation.”

What is interesting is that we are a clear leader in Bloor’s assessment based on our advanced threat protection and response capabilities, and our leadership only grows wider when factoring in our true differentiator that nobody else offers – Retrospective Security.

We need to not only block threats during attacks, but also account for what to do after attacks—as invariably a threat will evade a point-in-time technology. For this reason, our AMP product forcefully confronts advanced malware with a unique approach, combining leading security effectiveness and detection rates with continuous capability to address an important gap that exists in all point-in-time products. This means, unlike other products, we never lose sight of files and can “go back in time” at any point to retrospectively identify and instantly remediate any file that initially evaded point-in-time defenses.

We also believe Advanced Malware Protection (AMP) must be everywhere—as pervasive as the threats themselves. We offer AMP for all enforcement points and vectors in the extended network: on networks, endpoints, mobile devices, virtual systems, web, and email gateways—wherever threats can manifest.

What is more, with AMP deployed, when a threat is seen in one vector, the rest of the infrastructure is instantly aware and automatically updates against it for instant remediation. Only Advanced Malware Protection offers this.

We must also do this across the full attack continuum with protection before, during, and after an attack.
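The retrospective and cross-vector behaviour described above, reduced to its core mechanism as an added example (this is an illustration of the concept, not Cisco AMP code; the hashes, host names, vectors and timestamps are constructed):

```python
"""Retrospective security in miniature (added example, not Cisco AMP code):
every file sighting is kept in a trajectory, so a verdict that arrives later
can be applied to sightings a point-in-time check already let through."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sighting:
    ts: int        # observation time (constructed epoch seconds)
    vector: str    # enforcement point: "email", "web", "endpoint", ...
    host: str      # system on which the file was seen
    sha256: str    # file identifier (constructed placeholder hash)


class RetrospectiveTracker:
    def __init__(self):
        self.trajectory = defaultdict(list)  # sha256 -> sightings, never discarded
        self.disposition = {}                # sha256 -> "unknown"|"clean"|"malicious"

    def observe(self, s: Sighting) -> str:
        """Point-in-time check. An 'unknown' file passes, but the sighting is
        recorded so it is never lost; a known-bad hash is refused on any vector."""
        self.trajectory[s.sha256].append(s)
        return self.disposition.get(s.sha256, "unknown")

    def update_disposition(self, sha256: str, verdict: str) -> list:
        """Retrospective step: when a hash turns malicious, return every host
        (in order of first sighting) that already received it, across vectors."""
        previous = self.disposition.get(sha256, "unknown")
        self.disposition[sha256] = verdict
        if verdict != "malicious" or previous == "malicious":
            return []  # nothing new to remediate
        hosts, seen = [], set()
        for s in sorted(self.trajectory[sha256], key=lambda x: x.ts):
            if s.host not in seen:
                seen.add(s.host)
                hosts.append((s.host, s.vector))
        return hosts


def demo():
    """Three sightings pass as 'unknown'; a later verdict drives retrospective
    remediation on all of them and instant blocking on the next vector."""
    t = RetrospectiveTracker()
    h = "0" * 64  # constructed placeholder SHA-256
    verdicts = [t.observe(Sighting(100, "email", "mail-gw-1", h)),
                t.observe(Sighting(160, "endpoint", "laptop-17", h)),
                t.observe(Sighting(200, "web", "proxy-2", h))]
    remediate = t.update_disposition(h, "malicious")  # verdict arrives later
    blocked = t.observe(Sighting(260, "endpoint", "laptop-42", h))
    return verdicts, remediate, blocked, t.update_disposition(h, "malicious")
```

The second `update_disposition` call returns an empty list, so a verdict that has already been acted on does not generate duplicate remediation work.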
